authorStephen Hemminger <stephen.hemminger@vyatta.com>2010-02-02 17:32:43 -0800
committerStephen Hemminger <stephen.hemminger@vyatta.com>2010-02-02 17:32:43 -0800
commite659fd609925f016b8682985313eb5322fb86115 (patch)
tree38c6fcc086603ceaa29751cee9ad8e80bb51513f /scripts
parentb97952516e5afc651ae5423d23fe09a09e1aeb4a (diff)
Remove old Xorp template
Diffstat (limited to 'scripts')
-rw-r--r--scripts/firewall/firewall.tp538
1 files changed, 0 insertions, 538 deletions
diff --git a/scripts/firewall/firewall.tp b/scripts/firewall/firewall.tp
deleted file mode 100644
index 0948068..0000000
--- a/scripts/firewall/firewall.tp
+++ /dev/null
@@ -1,538 +0,0 @@
-/*
- * Module: firewall.tp
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License version 2 as published by the
- * Free Software Foundation.
- *
- */
-firewall {
- targetname: txt = "rl_firewall";
-/* disable: toggle = true;*/
-
- log-martians: txt = "enable";
- send-redirects: txt = "disable";
- receive-redirects:txt = "disable";
- ip-src-route: txt = "disable";
- broadcast-ping: txt = "disable";
- syn-cookies: txt = "enable";
-
- name @: txt {
- description: txt;
- rule @: u32 {
- protocol: txt = "all";
- icmp {
- type: txt;
- code: txt;
- }
-
- state {
- established: txt;
- new: txt;
- related: txt;
- invalid: txt;
- }
-
- action: txt;
- log: txt = "disable";
-
- source {
- address: ipv4;
- network: ipv4net;
- range {
- start: ipv4;
- stop: ipv4;
- }
-
- port-number: u32;
- port-name: txt;
- port-range {
- start: u32;
- stop: u32;
- }
-
- }
- destination {
- address: ipv4;
- network: ipv4net;
- range {
- start: ipv4;
- stop: ipv4;
- }
-
- port-number: u32;
- port-name: txt;
- port-range {
- start: u32;
- stop: u32;
- }
- }
- }
- }
-}
-
-interfaces {
- ethernet @: txt {
- firewall {
-
- in {
- name: txt;
- }
- out {
- name: txt;
- }
- local {
- name: txt;
- }
- }
-
- vif @: txt {
- firewall {
- in {
- name: txt;
- }
- out {
- name: txt;
- }
- local {
- name: txt;
- }
- }
- }
- }
-}
-
-firewall {
- %help: short "Firewall configuration";
- %modinfo: provides firewall;
-
- %modinfo: path "libexec/xorp/xorp_rl_firewall";
- %modinfo: default_targetname "rl_firewall";
- %modinfo: start_commit program "/opt/vyatta/sbin/xorp_tmpl_tool cleanup";
- %modinfo: end_commit program "/opt/vyatta/sbin/xorp_tmpl_tool commit";
- %modinfo: status_method xrl "$(firewall.targetname)/common/0.1/get_status->status:u32&reason:txt";
- /*
- %modinfo: shutdown_method xrl "$(firewall.targetname)/rl_firewall/0.1/shutdown_firewall";
- */
- %modinfo: shutdown_method program "/opt/vyatta/sbin/xorp_tmpl_tool cleanup && /opt/vyatta/sbin/xorp_tmpl_tool delete firewall && /opt/vyatta/sbin/xorp_tmpl_tool commit && /opt/vyatta/sbin/xorp_tmpl_tool rtrmgr_indirect_cleanup";
-
- /*
- %delete: xrl "$(firewall.targetname)/rl_firewall/0.1/delete_rl_firewall";
- */
- %delete: ;
-
- targetname {
- %user-hidden: "XRL target name";
- %help: short "Set the target name";
- }
-
- log-martians {
- %help: short "Configure log martians";
- %allow: $(@) "enable" %help: "Enable log martians";
- %allow: $(@) "disable" %help: "Disable log martians";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall log-martians $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall log-martians";
- }
-
- send-redirects {
- %help: short "Configure send redirects";
- %allow: $(@) "enable" %help: "Enable send redirects";
- %allow: $(@) "disable" %help: "Disable send redirects";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall send-redirects $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall send-redirects";
- }
-
- receive-redirects {
- %help: short "Configure receive redirects";
- %allow: $(@) "enable" %help: "Enable receive redirects";
- %allow: $(@) "disable" %help: "Disable receive redirects";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall receive-redirects $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall receive-redirects";
- }
-
- ip-src-route {
- %help: short "Configure IP source route";
- %allow: $(@) "enable" %help: "Enable IP source route";
- %allow: $(@) "disable" %help: "Disable IP source route";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall ip-src-route $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall ip-src-route";
- }
-
- broadcast-ping {
- %help: short "Configure broadcast ping";
- %allow: $(@) "enable" %help: "Enable broadcast ping";
- %allow: $(@) "disable" %help: "Disable broadcast ping";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall broadcast-ping $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall broadcast-ping";
- }
-
- syn-cookies {
- %help: short "Configure SYN cookies";
- %allow: $(@) "enable" %help: "Enable SYN cookies";
- %allow: $(@) "disable" %help: "Disable SYN cookies";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall syn-cookies $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall syn-cookies";
- }
- name @: txt {
- %help: short "Configure firewall rule set name";
-
- %create: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name '$(@)'";
- %update: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name '$(@)'";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name '$(@)'";
-
- description {
- %help: short "Firewall description";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) description '$(@)'";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) description";
-
- }
-
- rule @: u32 {
- %help: short "Firewall rule number in range from 1 to 1024";
- %order: sorted-numeric;
- %allow-range: $(@) "1" "1024" %help: "Firewall rule number";
-
- %create: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(@)";
- %update: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(@)";
-
- protocol {
- %help: short "Configure Protocol";
- %allow: $(@) "all" %help: "";
- %allow: $(@) "tcp" %help: "";
- %allow: $(@) "udp" %help: "";
- %allow: $(@) "icmp" %help: "";
- %allow: $(@) "igmp" %help: "";
- %allow: $(@) "ipencap" %help: "";
- %allow: $(@) "gre" %help: "";
- %allow: $(@) "esp" %help: "";
- %allow: $(@) "ah" %help: "";
- %allow: $(@) "ospf" %help: "";
- %allow: $(@) "pim" %help: "";
- %allow: $(@) "vrrp" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) protocol $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) protocol";
- }
-
- icmp {
- %help: short "ICMP type and code settings";
- %mandatory: $(@.type);
-
- type {
- %help: short "ICMP type";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) icmp type $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) icmp type";
- }
-
- code {
- %help: short "ICMP code";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) icmp code $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) icmp code";
- }
- }
-
- state {
- %help: short "Rule state";
-
- established {
- %help: short "Configure established state";
- %allow: $(@) "enable" %help: "Enable established state";
- %allow: $(@) "disable" %help: "Disable established state";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state established $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state established";
- }
-
- new {
- %help: short "Configure new state";
- %allow: $(@) "enable" %help: "Enable new state";
- %allow: $(@) "disable" %help: "Disable new state";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state new $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state new";
- }
-
- related {
- %help: short "Configure related state";
- %allow: $(@) "enable" %help: "Enable related state";
- %allow: $(@) "disable" %help: "Disable related state";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state related $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state related";
- }
-
- invalid {
- %help: short "Configure invalid state";
- %allow: $(@) "enable" %help: "Enable invalid state";
- %allow: $(@) "disable" %help: "Disable invalid state";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) state invalid $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) state invalid";
- }
- }
-
- action {
- %help: short "Configure rule action";
- %allow: $(@) "accept" %help: "Accept packet";
- %allow: $(@) "drop" %help: "Silently drop packet";
- %allow: $(@) "reject" %help: "Reject packet with TCP reset";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) action $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) action";
- }
-
- log {
- %help: short "Configure firewall logging";
- %allow: $(@) "enable" %help: "Enable firewall logging";
- %allow: $(@) "disable" %help: "Disable firewall logging";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) log $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) log";
- }
-
- source {
- %help: short "Firewall source parameters";
-
- address {
- %help: short "Source address";
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source address $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source address";
- }
-
- network {
- %help: short "Source network";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source network $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source network";
- }
- range {
- %mandatory: $(@.start);
- %mandatory: $(@.stop);
- %help: short "Source range start and stop";
-
- start {
- %help: short "Source range start";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source range start $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source range start";
- }
- stop {
- %help: short "Source range stop";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source range stop $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source range stop";
- }
- }
-
- port-number {
- %help: short "Source port number";
- %allow-range: $(@) "1" "65535" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-number $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-number";
- }
-
- port-name {
- %help: short "Source port name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-name";
- }
-
- port-range {
- %help: short "Source port range start and stop";
- %mandatory: $(@.start);
- %mandatory: $(@.stop);
-
- start {
- %help: short "Source port range start";
- %allow-range: $(@) "1" "65535" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-range start $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-range start";
-
- }
- stop {
- %help: short "Source port range stop";
- %allow-range: $(@) "1" "65535" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) source port-range stop $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) source port-range stop";
- }
- }
- }
- destination {
- %help: short "Firewall destination parameters";
-
- address {
- %help: short "Destination address";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination address $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination address";
- }
-
- network {
- %help: short "Destination network";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination network $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination network";
- }
-
- range {
- %help: short "Destination range start and stop";
- %mandatory: $(@.start);
- %mandatory: $(@.stop);
-
- start {
- %help: short "Destination range start";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination range start $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination range start";
- }
-
- stop {
- %help: short "Destination range stop";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination range stop $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination range stop";
- }
- }
-
- port-number {
- %help: short "Destination port number";
- %allow-range: $(@) "1" "65535" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-number $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-number";
- }
-
- port-name {
- %help: short "Destination port name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-name";
- }
-
- port-range {
- %help: short "Port range start and stop";
- %mandatory: $(@.start);
- %mandatory: $(@.stop);
-
- start {
- %help: short "Destination port range start";
- %allow-range: $(@) "1" "65535" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-range start $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-range start";
- }
- stop {
- %help: short "Destination port range stop";
- %allow-range: $(@) "1" "65535" %help: "";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set firewall name $(name.@) rule $(rule.@) destination port-range stop $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete firewall name $(name.@) rule $(rule.@) destination port-range stop";
- }
- }
- }
- }
- }
-}
-
-interfaces {
- ethernet @: txt {
- firewall {
- %help: short "Configure firewall options";
-
- in {
- %mandatory: $(@.name);
- %help: short "Filter forwarded packets on inbound interface";
-
- name {
- %help: short "Inbound interface filter name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) firewall in name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) firewall in name";
- }
-
- }
-
- out {
- %mandatory: $(@.name);
- %help: short "Filter forwarded packets on outbound interface";
-
- name {
- %help: short "Outbound interface filter name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) firewall out name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) firewall out name";
- }
-
- }
-
- local {
- %mandatory: $(@.name);
- %help: short "Filter packets destined for this router";
-
- name {
- %help: short "Local filter name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) firewall local name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) firewall local name";
- }
-
- }
- }
-
- vif @: txt {
- firewall {
- %help: short "Configure firewall options";
-
- in {
- %mandatory: $(@.name);
- %help: short "Filter forwarded packets on inbound interface";
-
- name {
- %help: short "Inbound interface filter name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) vif $(vif.@) firewall in name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) vif $(vif.@) firewall in name";
- }
- }
-
- out {
- %mandatory: $(@.name);
- %help: short "Filter forwarded packets on outbound interface";
-
- name {
- %help: short "Outbound interface filter name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) vif $(vif.@) firewall out name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) vif $(vif.@) firewall out name";
- }
- }
-
- local {
- %mandatory: $(@.name);
- %help: short "Filter packets destined for this router";
-
- name {
- %help: short "Local filter name";
-
- %set: program "/opt/vyatta/sbin/xorp_tmpl_tool set interfaces ethernet $(ethernet.@) vif $(vif.@) firewall local name $(@)";
- %delete: program "/opt/vyatta/sbin/xorp_tmpl_tool delete interfaces ethernet $(ethernet.@) vif $(vif.@) firewall local name";
- }
- }
- }
- }
- }
-}